关闭防火墙
关闭selinux
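# Stop the host firewall and switch SELinux to permissive before the Samba
# setup that follows. Both are blunt: a scoped alternative that keeps the
# protections is `firewall-cmd --permanent --add-service=samba` plus the
# samba_* SELinux booleans / file contexts for the shared directories.
systemctl stop firewalld.service
setenforce 0 && getenforce
# Back up the SELinux config, then make the change persistent across reboots.
# The original `a && b && c && grep || sed` chain ran the sed whenever ANY of
# the earlier commands failed, not only when the grep found no match.
\cp /etc/selinux/config{,.ori}
if ! grep -q "SELINUX=disabled" /etc/selinux/config; then
  sed -i 's%SELINUX=enforcing%SELINUX=disabled%g' /etc/selinux/config
fi
yum install -y samba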
[root@zon ~]# rpm -qa | grep samba
samba-4.7.1-9.el7_5.x86_64
samba-common-libs-4.7.1-9.el7_5.x86_64
samba-common-tools-4.7.1-9.el7_5.x86_64
samba-common-4.7.1-9.el7_5.noarch
samba-libs-4.7.1-9.el7_5.x86_64
samba-client-libs-4.7.1-9.el7_5.x86_64
创建规划的Samba用户
# One Unix group per department with an "admin" and a regular "user" account.
# All accounts get /sbin/nologin: they only authenticate to Samba, never to a
# shell. Each department stops at the first failing step, as in the original.
for dept in ad op fd rd; do
  groupadd "${dept}_gp" \
    && useradd -g "${dept}_gp" -s /sbin/nologin "${dept}_admin" \
    && useradd -g "${dept}_gp" -s /sbin/nologin "${dept}_user"
done
# tools_admin has no department group; the chown of /company/share further
# down expects a group named tools_admin, which useradd creates by default
# on this distribution (user private groups).
useradd -s /sbin/nologin tools_admin
# Set the Samba password for an account. pdbedit -a prompts for the password
# interactively; replace 用户名 with the user name. The script at the end of
# this page does the same step non-interactively for every account.
pdbedit -a -u 用户名
创建规划的目录,并更改规划目录的所有者和所属组
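# Department roots plus one sub-directory per department under the common
# share tree (-p: re-runnable, creates missing parents).
mkdir -p /company/{ad,op,share,fd,rd} /company/share/{ad,op,tools,fd,rd}
# Each department admin owns its directory and its share sub-directory; the
# group is the department group so that "valid users = @<dept>_gp" in smb.conf
# maps onto the Unix group permission bits. "user:group" is the documented
# chown spelling; the legacy "user.group" form is ambiguous for names that
# contain a dot.
chown ad_admin:ad_gp /company/{ad,share/ad}
chown op_admin:op_gp /company/{op,share/op}
# tools_admin owns the top of the share tree and the tools sub-directory.
chown tools_admin:tools_admin /company/{share,share/tools}
chown fd_admin:fd_gp /company/{fd,share/fd}
chown rd_admin:rd_gp /company/{rd,share/rd}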
更改share目录下的目录权限,使用户只对自己创建的文件有所有权限,其余人不能删除,修改该文件,管理员除外
# Sticky bit (1xxx) on the per-department share folders: only a file's owner
# (or root, i.e. the share's admin user) may delete or rename it.
# NOTE(review): 0755 gives the department group no write bit, so non-admin
# members cannot create files in these folders at all; if the stated intent
# (everyone controls only their own files) is meant for regular users as well,
# 1775 would be needed — confirm.
chmod 1755 /company/share/ad /company/share/fd /company/share/op /company/share/rd
备份配置文件:
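# Keep a pristine copy of the packaged smb.conf before editing it.
cp -a /etc/samba/smb.conf{,.ori}
# Backing directory for the [public] share; -p makes the step re-runnable.
mkdir -p /public
# Owned by nobody so guest sessions (map to guest) can write here. Anyone who
# can reach the server can then drop or modify files in it, so this share is
# only suitable for non-sensitive data.
chown -R nobody:nobody /public/
vim /etc/samba/smb.conf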
# --- First smb.conf: appears to be the initial test configuration with a
# guest share. The second [global] further down supersedes it. ---
[global]
workgroup = WORKGROUP
# security = user: every session must authenticate with a Samba account ...
security = user
# ... except that an unknown user name is mapped to guest. Together with a
# share that has public = yes, anyone on the network can use that share
# without a password (a mistyped user name silently becomes guest).
map to guest = Bad User
passdb backend = tdbsam
# Printer sharing is on although this host is set up as a file server;
# load printers = no would shrink the exposed surface (left unchanged here).
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 50000
# Guest-accessible, writable share backed by /public (chowned to nobody above).
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
# --- Second smb.conf: the department layout used by the rest of the page.
# map to guest is still set globally, but every share below has public = no,
# so guest sessions cannot reach any of them. ---
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log file = /var/log/samba/log.%m
max log size = 50000
map to guest = Bad User
[AD]
comment = This is a directory of AD.
path = /company/ad/
public = no
# admin users perform all file operations as root on this share, bypassing
# the Unix permission bits and the masks below.
admin users = ad_admin
# @group: only members of the Unix group ad_gp may connect to the share.
valid users = @ad_gp
writable = yes
# Permission bits of newly created files/directories are capped at 0750:
# owner full, group read/traverse, no access for others.
create mask = 0750
directory mask = 0750
[FD]
comment = This is a directory of FD.
path = /company/fd/
public = no
admin users = fd_admin
valid users = @fd_gp
writable = yes
create mask = 0750
directory mask = 0750
[OP]
comment = This is a directory of OP.
path = /company/op/
public = no
admin users = op_admin
valid users = @op_gp
writable = yes
create mask = 0750
directory mask = 0750
[RD]
comment = This is a directory of RD.
path = /company/rd/
public = no
admin users = rd_admin
valid users = @rd_gp
writable = yes
create mask = 0750
directory mask = 0750
# Common share: every department group may connect; tools_admin administers
# it (runs as root on this share). Files are created 0755, i.e. readable by
# every connected user; the sticky bit set earlier on the per-department
# sub-directories is what prevents deleting other people's files.
[Share]
comment = This is a share directory.
path = /company/share/
public = no
admin users = tools_admin
valid users = tools_admin,@ad_gp,@fd_gp,@op_gp,@rd_gp
writable = yes
create mask = 0755
directory mask = 0755
# Start the smb service now ...
systemctl start smb.service
# ... and register it to start automatically at boot.
systemctl enable smb.service
盗版win7可能存在用户名密码正确,但是访问被拒绝,说密码错误
vim creat_sys_and_smb_users.txt
ad_gp:x:行政部:ad_admin:行政主管:
ad_gp:x:行政部:ad_user:行政员工:
op_gp:x:运营部:ad_admin:运营主管:
op_gp:x:运营部:ad_user:运营员工:
fd_gp:x:财政部:ad_admin:财政主管:
fd_gp:x:财政部:ad_user:财政员工:
rd_gp:x:研发部:ad_admin:研发主管:
rd_gp:x:研发部:ad_user:研发员工:
tools_admin:x:工具管理员:tools_admin:工具管理员:
脚本批量创建samba用户,所属组,随机10位密码
vim creat_sys_and_smb_users.sh
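#!/bin/bash
# Bulk-create Unix accounts and matching Samba accounts with random passwords.
#
# Input:  /root/creat_sys_and_smb_users.txt, one record per line:
#           group1:group2:group_desc:user:name:
#         group2 == "x" means "no second supplementary group".
# Output: /root/smb_user_info.txt, one line per created account:
#           name:user:password:group_desc:group1:group2:
#         It holds cleartext passwords, so it is created with mode 0600.
# Must run as root (groupadd/useradd/passwd/pdbedit).
#
# Fixes relative to the original: a user whose first group was missing was
# only created when the second group was missing too (so e.g. a
# "tools_admin:x:..." row never produced an account); the group existence
# test matched prefixes; the three copy-pasted branches are now one path.
#
# NOTE(review): the sample input shown on this page reuses ad_admin/ad_user
# for the op/fd/rd departments; those rows are reported as "already exists"
# and skipped, which is probably not what was intended.

input_file=/root/creat_sys_and_smb_users.txt
output_file=/root/smb_user_info.txt

#######################################
# Create a Unix group unless it already exists.
# Arguments: $1 - group name
# Outputs:   "Creat <group>" on stdout when the group is added
#######################################
ensure_group() {
  local group=$1
  # getent matches the exact name; the earlier grep "^$group" also matched
  # any longer group name sharing the prefix (e.g. "ad" vs "ad_gp").
  if ! getent group "$group" > /dev/null; then
    groupadd "$group" && echo "Creat $group"
  fi
}

#######################################
# Generate a 10-character alphanumeric password from /dev/urandom.
# Outputs:   the password on stdout (no trailing newline)
# Returns:   1 if fewer than 10 usable characters were produced
#######################################
random_password() {
  local pw
  pw=$(head -n 20 /dev/urandom | tr -dc A-Za-z0-9 | head -c 10)
  [[ ${#pw} -eq 10 ]] || return 1
  printf '%s' "$pw"
}

#######################################
# Create the Unix account, set the same random password on the Unix and the
# Samba side, and append the record to $output_file.
# Arguments: $1 user, $2 group1, $3 group2 ("x" = none), $4 name, $5 group_desc
# Globals:   output_file (appended)
# Returns:   non-zero if any step failed; the failure is reported on stderr
#######################################
create_user() {
  local user=$1 group1=$2 group2=$3 name=$4 group_desc=$5
  local groups=$group1 user_passwd
  [[ "$group2" == "x" ]] || groups="$group1,$group2"
  if ! user_passwd=$(random_password); then
    printf 'could not generate a password for %s\n' "$user" >&2
    return 1
  fi
  # -M: no home directory; -G: supplementary group(s) only, as in the original.
  if ! useradd -s /sbin/nologin -M -G "$groups" "$user"; then
    printf 'useradd failed for %s\n' "$user" >&2
    return 1
  fi
  if ! printf '%s\n' "$user_passwd" | passwd "$user" --stdin > /dev/null 2>&1; then
    printf 'passwd failed for %s\n' "$user" >&2
    return 1
  fi
  # pdbedit -t reads the password twice from stdin (new + confirmation).
  if ! printf '%s\n%s\n' "$user_passwd" "$user_passwd" | pdbedit -t -a "$user" > /dev/null 2>&1; then
    printf 'pdbedit failed for %s\n' "$user" >&2
    return 1
  fi
  printf '%s:%s:%s:%s:%s:%s:\n' "$name" "$user" "$user_passwd" "$group_desc" "$group1" "$group2" >> "$output_file"
}

# Create the password record with owner-only permissions before the first
# append so the cleartext passwords are never world-readable.
( umask 077 && touch "$output_file" ) && chmod 600 "$output_file" || exit 1

# Read one record per line with ':' as the field separator (the original
# for-loop word-split the whole file). The "|| [[ -n ... ]]" still processes
# a final line that lacks a trailing newline.
while IFS=: read -r group1 group2 group_desc user name _ || [[ -n "$user" ]]; do
  [[ -z "$user" ]] && continue   # blank or malformed line
  if id "$user" > /dev/null 2>&1; then
    echo "$user already exists"
    continue
  fi
  ensure_group "$group1"
  [[ "$group2" == "x" ]] || ensure_group "$group2"
  create_user "$user" "$group1" "$group2" "$name" "$group_desc"
done < "$input_file"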
对应生成的用户信息文件
vim smb_user_info.txt
name1:user1:Ldh8CDTTGa:副总办:fzb:x:
name2:user2:Czg3giH793:总经办:zjb:fzb: